Eval usage in Yii
eval = evil!

Hey all, I understand why Yii uses eval() 11 times throughout its PHP code, but is it truly necessary?

The point is that eval is inherently slower (and if used improperly, unsafe), but more importantly, many companies will likely start to look at PHP + HipHop (aka hphp, a solution from Facebook to compile PHP code as C++ extensions, for speed). HipHop removes support for eval(), which means that by default, Yii cannot be considered as a framework for massive applications such as Facebook, etc, where performance is a major concern.

It is not scientific to draw the conclusion that having eval() in a library would necessarily mean the library is poor in performance. If so, would you consider PHP itself slow since its numerous 3rd party libraries contain thousands of eval()'s?

Also, hiphop removing support for eval() doesn't mean it can't run PHP code with eval() code. In fact, I believe hiphop also doesn't support other dynamic language features of PHP.

Having said the above, among these 11 eval()'s in Yii, none of them appears in the core framework execution path. In fact, some of these eval()'s appear in console commands where performance is not a concern, while some others appear in optional features that you are free not to use.

In order to improve performance, it is very important to make sure you only load/execute code that is necessary for a particular request (the so-called on-demand loading or lazy execution). It is because of this reason that Yii is much faster than other frameworks.

HipHop is not a panacea to cure performance problems. Before you resort to using HipHop, there are many other places that you should dig into to improve performance, such as optimizing your SQL queries, using caching techniques, reducing unnecessarily executed code, etc.

Agreed, and I think Yii is very optimal in that regard, it just would be nice to reduce the evals if they aren't 100% necessary in each relevant section of code.

BTW, qiang, why do core developers not spend any time in IRC? Small group of people in there, but would be nice to have a core dev participate :-)
Another IRC user was saying yesterday that 1 or 2 other core devs used to be in IRC pretty often, now they're never there. It's a shame

PHP is PHP....C++ is C++...personally, I don't like the idea of turning PHP into C++

and I also think that Yii shouldn't be made to fit the needs of HipHop, but instead, HipHop should fix its code to make eval() be converted in C++ sentences, once this is the major purpose of the tool (convert PHP into C++)...

Keep in mind: Most here got a job and only very limited time. I prefer that developers spend time on coding instead of chatting in IRC.

I agree. I think being in IRC would either mean that nothing would get done on the framework (as all of the time would be spent answering (generally) straight-forward questions), or the dev team would be on IRC, but would ignore everything there anyway since it's too much of a distraction.

The eval() issue is a bit bigger than just HipHop, though. eval() allows for great flexibility, for instance with RBAC and its business rules, but is potentially unsafe whenever any user input is evaluated therein. In this particular case, I don't really see why these business rules can't be handled, for instance, by specifying a callback to a boolean function, which handles the logic. Since PHP 5.3 and its anonymous functions, these can even be created on the fly for maximum flexibility (though that probably wouldn't be necessary 99% of the time). A side benefit of this would be easier debugging, since eval()'d code in RBAC is run with an error suppressor (@), so it's not obvious when, for instance, there's a typo in a business rule.
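
The callback approach this post proposes, next to a simplified string-rule check, as an added example that is not part of the original thread and not Yii's own code. The function names, the `isOwner` rule and the sample data are assumptions made for illustration.

```php
<?php
// Simplified model of a string business rule (hypothetical helper,
// not Yii's source). The rule text is executed as PHP, and @ hides
// the notices and warnings it raises.
function checkWithEval($bizRule, array $params)
{
    return $bizRule === '' || @eval($bizRule) != 0;
}

// Callback alternative: the rules are ordinary code kept in the
// repository; stored authorization data only names one of them.
$rules = array(
    'isOwner' => function (array $params) {
        return $params['post']->authorId == $params['userId'];
    },
);

function checkWithCallback(array $rules, $ruleName, array $params)
{
    if (!isset($rules[$ruleName])) {
        // An unknown rule name fails loudly instead of denying silently.
        throw new InvalidArgumentException("Unknown business rule: $ruleName");
    }
    return (bool) call_user_func($rules[$ruleName], $params);
}

// Constructed sample data.
$post = new stdClass();
$post->authorId = 7;
$params = array('post' => $post, 'userId' => 7);

// A correct string rule.
var_dump(checkWithEval(
    'return $params["post"]->authorId == $params["userId"];', $params));

// The same rule with a typo ($parms): every diagnostic is suppressed
// by @, so the check just evaluates to false with nothing logged.
var_dump(checkWithEval(
    'return $parms["post"]->authorId == $params["userId"];', $params));

// The closure version: no stored text is ever executed as code, and a
// typo inside the closure would surface through normal error reporting.
var_dump(checkWithCallback($rules, 'isOwner', $params));
```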

Yii is open source. Also, Yii is a very-very-very flexible framework (the most flexible I've ever seen before).

If you need to compile your Yii project into "C++" code via HipHop, just take the framework's source code, change it (or make changes to your application - replace needed classes and go on!), and make a fork (if you want to share your code with the community).

PHP is PHP....C++ is C++...personally, I don't like the idea of turning PHP into C++

and I also think that Yii shouldn't be made to fit the needs of HipHop, but instead, HipHop should fix its code to make eval() be converted in C++ sentences, once this is the major purpose of the tool (convert PHP into C++)...

regards!!

The point is to convert it for high-level performance, not for ongoing maintenance. You would still develop your code in PHP, just compile for production use. And a possible application for this (in addition to higher performance results) is to also be able to compile a web application for commercial distribution (possibly).

The developers of HipHop feel that eval is unneeded (and reduces performance), and afaik they don't intend to add eval back in.

True, but the way they are used in the examples is not that useful... Add a guest or member account / small if statement for user id..

I understand that it's easier for an admin to assign an edit own rule, but for the programmer it's much harder to track back what's happening with the "invisible code".

Also, CGridView depends on eval, but do we really want/need PHP expressions eval'd to modify some date column?

I think the biggest problem is not that it is slow, but that it can become hard to read and hard to debug, and when not used very carefully can lead to some dangerous situations too. And I guess most programmers seem to agree eval == evil.